CustomTech Blog: NoMachine OpenSSL security vulnerability

Quick Contact

Thursday, 12 June 2014

NoMachine OpenSSL security vulnerability

An information disclosure revealed an injection vulnerability in OpenSSL’s ChangeCipherSpec processing making it possible for malicious third parties to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.
This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and even modify traffic from the attacked client and server (CVE-2014-0224).

All NoMachine 4 users are strongly invited to update their client and server installations to this release, 4.2.25. Users of 3.5.0 are not affected.
More information on-line: https://www.nomachine.com/SU06L00100